CVE-2026-22218
BaseFortify

Publication date: 2026-01-20

Last updated on: 2026-02-02

Assigner: VulnCheck

Description
Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element identifier (chainlitKey) can then be used to retrieve the file contents via /project/file/<chainlitKey>, allowing disclosure of any file readable by the Chainlit service.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-01-20
EPSS Evaluated: 2026-06-15
Affected Vendors & Products (1 associated CPE)
Vendor: chainlit
Product: chainlit
Version / Range: up to 2.9.4 (exclusive)
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside of the restricted directory.
Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive files on the server running Chainlit. An attacker with valid authentication can read arbitrary files accessible by the service, potentially exposing confidential information, configuration files, or other sensitive data. This can compromise the confidentiality and integrity of your system and data. [1]

Executive Summary

CVE-2026-22218 is an arbitrary file read vulnerability in Chainlit versions prior to 2.9.4. An authenticated user can send a custom Element with a user-controlled path value during the /project/element update flow. This causes the server to copy the referenced file into the attacker's session and generate an element identifier called chainlitKey. The attacker can then use this chainlitKey to retrieve the contents of any file readable by the Chainlit service via the /project/file/<chainlitKey> endpoint, leading to unauthorized disclosure of files. [1]

Detection Guidance

Detection involves verifying whether your Chainlit instance is running a version prior to 2.9.4 and monitoring for suspicious authenticated requests to the /project/element update flow that include custom Elements with user-controlled path values. Look for unusual POST requests to /project/element followed by GET requests to /project/file/<chainlitKey>. Specific commands depend on your environment; reproducing the issue with curl, for example, would require authentication and a crafted custom Element payload. Since no explicit detection commands are provided, monitoring logs for this request pattern is recommended. [1]
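As an added illustration of the log-pattern guidance above (example code written for this page, not code from BaseFortify or the Chainlit project): a small correlator that flags sessions in which a POST to /project/element is followed within a short window by a GET to /project/file/<chainlitKey>. The access-log line format, the session field and the five-minute window are assumptions; the sample log lines are constructed.

```python
# Added example: correlate per-session POST /project/element requests with a later
# GET /project/file/<chainlitKey>, the request pair named in the detection guidance.
# The log format, field names and time window below are assumptions for illustration.
import re
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ts>\S+) session=(?P<session>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$'
)
FILE_RE = re.compile(r'^/project/file/(?P<key>[^/?]+)')
WINDOW = timedelta(minutes=5)  # assumed correlation window

def parse_line(line):
    """Parse one constructed access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec

def find_element_to_file_sequences(lines, window=WINDOW):
    """Return (session, element_post_ts, chainlitKey) for each GET /project/file/<key>
    that follows a POST /project/element from the same session within `window`.
    Legitimate element uploads produce the same pair, so treat hits as a triage
    queue to review against the element's path value, not as proof of exploitation."""
    last_post = {}  # session -> timestamp of the most recent POST /project/element
    hits = []
    for rec in filter(None, map(parse_line, lines)):
        if rec["method"] == "POST" and rec["path"].startswith("/project/element"):
            last_post[rec["session"]] = rec["ts"]
            continue
        fm = FILE_RE.match(rec["path"])
        if rec["method"] == "GET" and fm and rec["session"] in last_post:
            if timedelta(0) <= rec["ts"] - last_post[rec["session"]] <= window:
                hits.append((rec["session"], last_post[rec["session"]], fm.group("key")))
    return hits

# Constructed sample log lines (not real traffic); keys are placeholders.
SAMPLE_LOG = """\
2026-01-21T10:00:00 session=s1 GET /project/settings 200
2026-01-21T10:00:05 session=s1 POST /project/element 200
2026-01-21T10:00:07 session=s1 GET /project/file/e7c0ffee 200
2026-01-21T10:01:00 session=s2 GET /project/file/abc123 200
2026-01-21T10:30:00 session=s3 POST /project/element 200
2026-01-21T11:00:00 session=s3 GET /project/file/deadbeef 200
""".splitlines()

if __name__ == "__main__":
    for session, ts, key in find_element_to_file_sequences(SAMPLE_LOG):
        print(f"review session {session}: element update at {ts.isoformat()}, file fetch key={key}")
```

Only session s1 is flagged: s2 never posted an element, and s3's file fetch falls outside the window.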

Mitigation Strategies

The immediate mitigation step is to upgrade Chainlit to version 2.9.4 or later, which includes a security fix that sanitizes inputs for custom thread element updates to prevent this arbitrary file read vulnerability. If you use persistence features, apply the required database migration with the SQL command: `ALTER TABLE steps ADD COLUMN IF NOT EXISTS modes JSONB;`. Additionally, restrict authenticated user permissions to limit exposure until the upgrade is applied. [2]

Compliance Impact

The provided resources do not specify how this arbitrary file read vulnerability in Chainlit affects compliance with common standards and regulations such as GDPR or HIPAA.
